Re: ptrdiff_t overflow checks for malloc-posix etc.

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ptrdiff_t overflow checks for malloc-posix etc.

From:	Bruno Haible
Subject:	Re: ptrdiff_t overflow checks for malloc-posix etc.
Date:	Sun, 09 May 2021 18:46:45 +0200
User-agent:	KMail/5.1.3 (Linux/4.4.0-206-generic; KDE/5.18.0; x86_64; ; )

Paul Eggert wrote:
> I installed the attached patches into Gnulib to make its malloc 
> replacements ptrdiff_t safe.

When testing m4-1.4.18b on IRIX 6.5, I get a test failure:

FAIL: test-reallocarray

Let's look in detail:

$ ./test-reallocarray ; echo $?
2

There is a call
  p = realloc (NULL, 2*1073741824);
which returns NULL with errno being 0.

Since the 'reallocarray' module depends on 'realloc-gnu', and the
'realloc-gnu' and 'realloc-posix' documentation says:

  Portability problems fixed by Gnulib:
  @itemize
  @item
  Upon failure, the function does not set @code{errno} to @code{ENOMEM} on
  some platforms:
  mingw, MSVC 14.

  @item
  On some platforms, @code{realloc (p, n)} can succeed even if @code{n}
  exceeds @code{PTRDIFF_MAX}.  Although this behavior is arguably
  allowed by POSIX it can lead to behavior not defined by POSIX later,
  so @code{realloc-posix} does not allow going over the limit.
  @end itemize

So, what the documentation implies and what the reallocarray unit test
verifies is that
  realloc (NULL, n)  where n > PTRDIFF_MAX
1) returns NULL and
2) sets errno to ENOMEM.

On IRIX (in n32 ABI), expectation 1) is fulfilled but 2) is not.
Likewise for malloc and calloc.

I'm adding two patches
  - to make sure that the 'realloc-gnu' unit test already fails in this
    situation,
  - to fix 'realloc-gnu' on IRIX, so that it actually compiles the
    replacement code lib/realloc.c.

2021-05-09  Bruno Haible  <bruno@clisp.org>

        malloc-gnu, realloc-gnu, calloc-gnu: Ensure errno gets set on IRIX.
        * m4/malloc.m4 (gl_CHECK_MALLOC_POSIX): Require AC_CANONICAL_HOST. Set
        gl_cv_func_malloc_posix to 'no' also on IRIX.

        malloc-gnu, realloc-gnu, calloc-gnu tests: Verify errno is set.
        * tests/test-malloc-gnu.c: Include <errno.h>.
        (main): Verify that, when an allocation larger than PTRDIFF_MAX failed,
        errno is ENOMEM.
        * tests/test-realloc-gnu.c: Likewise.
        * tests/test-calloc-gnu.c: Likewise.

0001-malloc-gnu-realloc-gnu-calloc-gnu-tests-Verify-errno.patch
Description: Text Data

0002-malloc-gnu-realloc-gnu-calloc-gnu-Ensure-errno-gets-.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

Re: ptrdiff_t overflow checks for malloc-posix etc., Bruno Haible <=
- Re: ptrdiff_t overflow checks for malloc-posix etc., Bruno Haible, 2021/05/09
  - Re: ptrdiff_t overflow checks for malloc-posix etc., Bruno Haible, 2021/05/09
    - Re: ptrdiff_t overflow checks for malloc-posix etc., Paul Eggert, 2021/05/10

Prev by Date: getrandom: Fail with ENOSYS when the system has no randomness source
Next by Date: Re: ptrdiff_t overflow checks for malloc-posix etc.
Previous by thread: getrandom: Fail with ENOSYS when the system has no randomness source
Next by thread: Re: ptrdiff_t overflow checks for malloc-posix etc.
Index(es):
- Date
- Thread